Thanks for everyone's response. to Andre' Warnier, yes. There are many ProxyPass statements in nss.conf on the Apache webserver. They appear to have taken the place of redirect statements in ssl.conf, which is no longer in use.
Your configuration assumption is correct, except that the users will connect to the webserver on port 80 and port 443, and it is invisible to them where they are going on the app server. Thanks, Larry On Tue, Jun 16, 2015 at 12:06 PM, André Warnier <a...@ice-sa.com> wrote: > Cohen, Laurence wrote: > >> Hi, >> >> I find myself in a position where I am the only system administrator on a >> project that uses tomcat appserver and apache webeserver with a postgres >> backend. >> > > I am going to do some guesswork here, and you'll tell us if I'm wrong. > > Presumably, considering what you are saying above, your actual setup may > be : > > browser <-- --> Apache httpd server front-end <-- --> Tomcat <-- --> > webapp <-- --> back-end postgres database > > So the browser clients actually connect to the Apache front-end server on > port 80, and the front-end passes some or all of the requests to Tomcat in > the background. > (And the users never see a URL which mentions port 8007). > > Right/wrong ? > > If right, do you know what is the mechanism used in the front-end Apache > httpd server, to connect to the back-end Tomcat service ? > Specifically, are there any "ProxyPass" directives in the configuration of > the front-end Apache server ? > > > > We have two applications, and before and changeover from mod_ssl > >> to mod_nss we were able to go over port 80 to grab files out of the >> database. The web app in question is listening on port 8007, but proxied >> on 443. After we switch to mod_nss, something happened with the >> configuration or the Rewrite Rules, where we can not longer use port 80, >> although port 443 is working fine. >> >> In server.xml I can see the following connector line: >> >> <Connector port="8007" protocol="HTTP/1.1" SSLEnabled="true" >> executor="tomcatThreadPool" >> connectionTimeout="600000" >> scheme="https" secure="true" >> clientAuth="false" sslProtocol="TLS" >> keystoreFile="/opt/dse/keystores/keystore.tomcat" >> keystorePass="changeit" >> truststoreFile="/opt/dse/keystores/truststore.jks" >> truststorePass="password" proxyName="testweb01.novetta.com >> " >> proxyPort="443"/> >> >> My first question is, can I add another connector line, proxying to port >> 80 >> as so: >> >> <Connector port="8007" protocol="HTTP/1.1" SSLEnabled="true" >> executor="tomcatThreadPool" >> connectionTimeout="600000" >> scheme="https" secure="true" >> clientAuth="false" sslProtocol="TLS" >> keystoreFile="/opt/dse/keystores/keystore.tomcat" >> keystorePass="changeit" >> truststoreFile="/opt/dse/keystores/truststore.jks" >> truststorePass="password" proxyName="testweb01.novetta.com >> " >> proxyPort="80"/> >> >> Thanks, >> >> Larry Cohen >> >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
